Network system and method of improving resource utilization

ABSTRACT

A network system of the present invention comprises a switch and a controller. The switch performs processes on a received packet in accordance with a flow entry in which are defined a rule and an action for uniformly controlling a packet as a flow. The controller sets the flow entry to a flow table of the switch. The switch notifies the controller of a vacancy status of the flow table of the switch itself. The controller performs a path calculation in consideration of the vacancy status of the flow table of the switch to improve the utilization of the flow table of the switch.

TECHNICAL FIELD

The present invention is related to a network system, especially to a network system in which the packet transferring function of a network device and the path controlling function are separated.

BACKGROUND ART

Conventional network devices are black boxes on which highly flexible control, such as load balancing or load offset, cannot be performed from outside. Thus, if the size of the network increases, understanding and improving the behavior of the system becomes difficult, and the enormous cost involved in modifying the configuration or design has been problematic.

As a technique for resolving this problem, a method of separating the packet transferring function of a network device from the path controlling function has been considered. By putting a controlling device outside the network device in charge of the controlling function, control becomes easier and a highly flexible network can be constructed.

[Explanation About C/U Separation Type Network]

A C/U (Control plane/User plane) separation type network, which controls a node device (user plane) from an outside controlling device (control plane), is proposed as a network system with separated functions.

As an example of a C/U separation type network, an OpenFlow network using OpenFlow technology, which performs network path control by controlling switches from a controller, can be given. Details of the OpenFlow technology are described in Non-Patent Literature 1. It should be noted that the OpenFlow network is merely an example.

[Explanation About OpenFlow Network]

In an OpenFlow network, a controlling device such as an OpenFlow controller (OFC) operates a flow table related to path control of node devices such as an OpenFlow switch (OFS) to control the behavior of the node devices.

Hereinafter, for a simplification of description, an OpenFlow controller (OFC) will be denoted by “controller (OFC)” and an OpenFlow switch (OFS) will be denoted by “switch (OFS)”.

Between a controller (OFC) and a switch (OFS) is connected a “secure channel” which is a private line or a communication path protected by SSL (Secure Socket Layer). The controller (OFC) and the switch (OFS) transmit and receive OpenFlow messages which conform to (are compliant with) OpenFlow protocol, via the secure channel.

Switches (OFS) in an OpenFlow network are edge switches and core switches which constitute the OpenFlow network and are under control of the controller (OFC). A series of flow in an OpenFlow network from a reception of packet by an input side edge switch (Ingress) to a transmission by an output side edge switch (Egress) is called a Flow.

A packet can be read as a frame. The difference between the packet and the frame is merely the Protocol Data Unit (PDU). The packet is the PDU of “TCP/IP” (Transmission Control Protocol/Internet Protocol). On the other hand, the frame is the PDU of Ethernet (registered trademark).

A flow table is a table in which is registered a flow entry in which is defined a specified operation (action) to be performed to a packet (communication data) which matches with a specified matching condition (rule).

A rule of a flow entry is defined and distinguishable by various combinations using any ones or all of a destination address, a source address, a destination port and a source port which are included in a header area (field) of each protocol layer of a packet. It should be noted that the above addresses include a MAC (Media Access Control) address and an IP (Internet Protocol) address. In addition to the above, information of entering port (Ingress Port) can be used as a rule of a flow entry. In addition, as a rule of a flow entry, a portion (or the whole) of a value of the header area of the packet showing a flow can be set by a regular expression or an expression with a wild card such as “*”.

An action of a flow entry shows an operation such as “output to a specified port”, “drop” or “rewrite a header”. For example, the switch (OFS), if identification information of an output port (such as an output port number) is shown in the action of the flow entry, outputs the packet to the corresponding port and if identification information of an output port is not shown, drops the packet. Alternatively, the switch (OFS), if header information is shown in the action of the flow entry, rewrites the header of the packet on a basis of the corresponding header information.

A switch (OFS) in an OpenFlow network performs the action of the flow entry to a group of packets (packet sequence) matching with the rule of the flow entry.

[Problem in Existing OpenFlow Network]

In an OpenFlow network, if the number of flow entries held by a switch (OFS) exceeds the maximal number of flow entries that can be set, no more flow entries can be set. Consequently, appropriate packet processing cannot be performed, and packet loss or delay occurs because all the packets pass through the controller (OFC).

As described above, an OpenFlow network treats packets as a flow expressed by a combination of each field of the header (L1 to L4). Each field can be summarized by use of wild cards. The management of the flow is performed by use of a flow table provided in the switch (OFS). The flow table is a set of flow entries. A flow entry is shown as a group of matching information (rule), summary information (statistic information) and instruction information (action). A sufficient capacity is ensured for the flow table, on the assumption of summarizing packets; however, in applications such as load balancing for a web service, packets need to be separated in accordance with source IP address or destination port number; and consequently, managed flow may dissipate and the flow table may overflow.

It should be noted that, in an OpenFlow network, a switch (OFS) deletes a flow entry in accordance with a combination of two time-out periods associated with the flow entry of the switch itself. One period is a time-out for deleting a flow entry when a specified time has elapsed. The other period is a time-out for deleting a flow entry if no packet has matched during a specified time. Thus, if there is no more free space in the flow table, no new flow entry is added until space is freed by one of the time-outs; in the meantime, a packet with no matching flow entry in the flow table will be dropped or will cause a request for instruction from the controller (OFC), in accordance with a rule specified in advance.

A technique for resolving this problem in a router, which is an existing network device utilizable as a switch (OFS), is disclosed in Patent Literature 1 (Japanese Patent Publication 2001-244964). In Patent Literature 1, a network managing apparatus, which manages a plurality of routers, calculates a path for avoiding routers with high memory load or the like and sets a path table of each router. However, the path table of a router is constituted of source and destination IP addresses, that is, information corresponding to L3, and thus packet control with a granularity as fine as in an OpenFlow network cannot be realized.

CITATION LIST

Patent Literature

Patent Literature 1: Japanese Patent Publication 2001-244964

Non Patent Literature

Non Patent Literature 1: “OpenFlow Switch Specification, Version 1.1.0 Implemented”, [online], Feb. 28, 2011, internet (URL: http://www.openflowswitch.org/documents/openflow-spec-v1.1.0.pdf)

SUMMARY OF THE INVENTION

An objective of the present invention is to provide a network system which prevents a performance degradation or packet loss involved in depletion of management area of flow entry related to packet processing rule, in a function separation type network such as an OpenFlow network.

A network system related to the present invention includes a switch, which performs a process on received packet in accordance with a flow entry in which are defined a rule and an action for uniformly controlling packets as a flow, and a controller which sets the flow entry to a flow table of the switch. The switch notifies to the controller about a vacancy situation of the flow table of the switch itself. The controller performs a path calculation in consideration of the vacancy situation of the flow table of the switch and improves utilization ratio of the flow table of the switch.

In a method of improving a resource utilization related to the present invention, a switch performs a process on received packet in accordance with a flow entry in which are defined a rule and an action for uniformly controlling packets as a flow. In addition, a controller sets the flow entry to a flow table of the switch. At this time, the switch notifies to the controller about a vacancy situation of the flow table of the switch itself. In addition, the controller performs a path calculation in consideration of the vacancy situation of the flow table of the switch and improves utilization ratio of the flow table of the switch.

A program related to the present invention is a program to make a switch and a controller execute the processes in the above method of improving utilization. It should be noted that the program related to the present invention can be stored in a storage medium, a storage device or the like.

In a function separation type network such as an OpenFlow network, a performance degradation or packet loss involved in depletion of management area of flow entry related to packet processing rule is prevented.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a diagram showing a constitution example of a network system related to a first exemplary embodiment of the present invention.

FIG. 2 is a flowchart showing a flow of processes when notifying a vacancy situation of a flow table in a first exemplary embodiment of the present invention.

FIG. 3 is a flowchart showing a flow of processes when a first packet arrives in a first exemplary embodiment of the present invention.

FIG. 4 is a diagram showing a constitution example of a network system related to a second exemplary embodiment of the present invention.

FIG. 5 is a flowchart showing a flow of processes when notifying a vacancy situation of a flow table in a second exemplary embodiment of the present invention.

FIG. 6 is a flowchart showing a flow of processes when a first packet arrives in a second exemplary embodiment of the present invention.

DESCRIPTION OF EXEMPLARY EMBODIMENTS

A target of the present invention is a C/U separation type network. Hereinafter, an example of an OpenFlow network, which is one of C/U separation type network, will be described. It should be noted that the present invention is not limited by the OpenFlow network.

A First Exemplary Embodiment

Hereinafter, a first exemplary embodiment of the present invention will be described by referring to attached drawings.

[System Constitution]

First, a constitution example of a network system related to the present invention will be described by referring to FIG. 1.

A network system related to the present invention includes a controller (OFC) 10 and a switch (OFS) 20.

The controller (OFC) 10 manages the switch (OFS) 20.

The switch (OFS) constitutes a network.

Between the controller (OFC) 10 and the switch (OFS) 20 is connected a “secure channel” which is a private line or a communication path protected by SSL (Secure Socket Layer). The controller (OFC) 10 and the switch (OFS) 20 perform communication by use of an OpenFlow message (100) which conforms to OpenFlow protocol, via the secure channel.

In addition, the switch (OFS) 20 is connected to a neighboring switch (OFS) 20 via a network such as LAN (Local Area Network). Furthermore, the switch (OFS) 20 can be connected to a host (client, server or the like) or a network device which does not support OpenFlow if the switch (OFS) itself corresponds to an edge switch.

[Constitution of Controller (OFC)]

Next, an example of a constitution of the controller (OFC) 10 will be described.

The controller (OFC) 10 includes a network management section 11, a path calculation section 12 and a communication process section 13.

The network management section 11 manages information related to the network constituted by the switch (OFS) 20.

The path calculation section 12 calculates a path (communication path) of packet received from the switch (OFS) 20 on a basis of information managed by the network management section 11.

The communication process section 13 performs transmission and reception of OpenFlow message to and from the switch (OFS) 20 via the secure channel. In addition, the communication process section 13 generates a flow entry on a basis of a path obtained as a result of the calculation and generates an OpenFlow message for setting the flow entry to the switch (OFS) 20. Alternatively, the communication process section 13 receives an OpenFlow message related to a modification of flow entry or the like from the switch (OFS) 20 and performs a modification of information managed by the network management section 11 or the like.

[Details of Network Management Section]

Next, details of the network management section 11 will be described.

The network management section 11 holds a topology management table 111, a switch (OFS) management table 112, a path management table 113 and a flow management table 114.

The topology management table 111 is a set of topology information (network topology) showing a status of connection between the switches (OFS). Herein, the path calculation section 12 calculates an optimal path on a basis of topology information included in the topology management table 111.

The switch (OFS) management table 112 manages a status of the switch (OFS) managed by the controller (OFC) 10. Herein, the “status of the switch (OFS)” designates the status of vacancy of the flow table. The status of vacancy of the flow table designates a ratio of a number of vacant flow entries to a number of all flow entries.

The path management table 113 manages a list of switches (OFS) included in a path.

The flow management table 114 manages information related to flow entries set to flow tables of all the switches (OFS) 20 under management (which are targets of management) of the controller (OFC) 10. For example, the flow management table 114 manages a master table of the flow tables of all the switches (OFS).

[Details of Switch (OFS) Management Table]

Next, details of the switch (OFS) management table will be described.

The switch (OFS) management table 112 is a set of switch (OFS) status information. The switch (OFS) status information is shown as a group of a switch (OFS) ID 1121 and a switch (OFS) status 1122.

The switch (OFS) ID 1121 is information for identifying a switch (OFS) 20. The switch (OFS) status 1122 is information for showing a status of vacancy or the like of a flow table of the relevant switch (OFS) 20.

[Details of Path Management Table]

Next, details of the path management table 113 will be described.

The path management table 113 is a set of path management information. The path management information is shown as a group of a path ID 1131 and a switch (OFS) list 1132.

The path ID 1131 is information for identifying a path obtained as a result of the path calculation. The switch (OFS) list 1132 is a list showing switches (OFS) 20 on the path.

[Details of Flow Management Table]

Next, details of the flow management table 114 will be described.

The flow management table 114 is a set of flow management information. The flow management information is shown as a group of a flow ID 1141, a path ID 1142 and a switch (OFS) ID 1143.

The flow ID 1141 is information for identifying flow entries set to the switch (OFS) 20. The path ID 1142 is information for identifying the path which became the basis of the relevant flow entry. The switch (OFS) ID 1143 is information for identifying the switch (OFS) 20 to which the relevant flow entry is set.

[Constitution of Switch (OFS)]

Next, an example of a constitution of the switch (OFS) 20 will be described.

The switch (OFS) 20 includes an OpenFlow process section 21 and a flow table management section 22.

The OpenFlow process section 21 performs processes on received packets. In addition, the OpenFlow process section 21 performs transmissions and receptions of OpenFlow messages to and from the controller (OFC) 10. For example, the OpenFlow process section 21 verifies, when receiving a packet, whether the relevant packet matches with a flow entry included in a flow table of the switch (OFS) 20. In a case of no matching, the OpenFlow process section 21 transmits an OpenFlow message, for requesting a path calculation of the relevant packet and a setting of the flow entry, to the controller (OFC) 10 via the secure channel and receives as a response an OpenFlow message for setting the flow entry. In a case of matching, the OpenFlow process section 21 executes an action specified in the relevant flow entry to the relevant packet.

The flow table management section 22 holds a flow table 221. The flow table 221 is a flow table of the switch (OFS) 20. Herein, the flow table management section 22 manages (adds, updates or deletes) a flow entry included in the flow table 221.

[Details of Flow Table]

Next, details of the flow table 221 will be described.

The flow table 221 is a set of flow entries. A flow entry is shown as a group of matching information (Match Fields) 2211, summary information (Counters) 2212 and instruction information (Instructions) 2213.

The matching information (Match Fields) 2211 is information equivalent to the rule of the relevant flow entry and is information for collating and identifying the packet received by the switch (OFS) 20. The matching information (Match Fields) 2211 is specified by use of an input port of the packet and a field of header information of the packet. Each field of the matching information (Match Fields) 2211 can be aggregated with wild cards.

The summary information (Counters) 2212 is statistic information which records the number of packets which have matched the relevant flow entry.

The instruction information (Instructions) 2213 is information equivalent to the action of the relevant flow entry and is information showing the process to be done to the received packet. As an example of a process to be done to a packet, there are a transferring process for transferring the packet to a physical port or a virtual port as an output port (Send), a dropping process for dropping the packet (Drop) and the like.

[Details of Matching Information (Matching Fields)]

Next, details of matching information (Matching Fields) 2211 will be described.

Matching information (Matching Fields) 2211 is specified by use of information such as an input port (Ingress Port), Meta data, a source MAC address (Ether src), a destination MAC address (Ether dst), an Ether type, a virtual LAN identifier (VLAN id), a virtual LAN priority (VLAN priority), an MPLS label, an MPLS traffic class, a source IP address (IP src), a destination IP address (IP dst), an IP protocol, an IP service type (IP ToS bits), a source port (TCP/UDP src Port), a destination port (TCP/UDP dst Port) and the like.

The input port (Ingress Port) shows the port which received the present packet at first. Meta data show information related to the present packet. The source MAC address, the destination MAC address and the Ether type respectively show information of 16 bits for identifying the source MAC address, the destination MAC address and higher layer protocol. MPLS (Multi-Protocol Label Switching) is a packet transferring technology using a label switching method. The MPLS label shows an identification mark with a fixed length to be used instead of an IP header. The MPLS traffic class shows information for performing identification and a specification of different classes or priorities. The source IP address (IP src), the destination IP address (IP dst), the IP protocol and the IP service type (IP ToS bits) respectively show a source IP address, a destination IP address, an IP protocol number and a TOS octet (eight bits octet portion included in a header of an IP packet). The TOS octet is used to specify a priority of a process for a purpose of controlling a quality of service (QoS) of a communication. The source port (TCP/UDP src Port) and the destination port (TCP/UDP dst Port) respectively show a source port number and a destination port number.

[Details of OpenFlow Message]

Next, details of the OpenFlow message 100 will be described.

The OpenFlow message 100 can be broadly classified into three types of messages: a switch control message (Controller to Switch) 101; an asynchronous message (Asynchronous) 102; and a symmetric message (symmetric) 103.

The switch control message (Controller to Switch) 101 is a message from the controller (OFC) 10 to the switch (OFS) 20. For example, the switch control message (Controller to Switch) 101 may be a message related to an inquiry about a status of the switch (OFS) 20 (Modify-State/Read-State), modification of flow table (Packet-out) or the like.

The asynchronous message (Asynchronous) 102 is a message from the switch (OFS) 20 to the controller (OFC) 10. For example, the asynchronous message (Asynchronous) 102 may be a message related to a notification of an arrival of a first packet (Packet-in), a notification of removing a flow entry (Flow-Removed), a notification of a result of execution of a switch control message (Controller to Switch) or the like. It should be noted that a first packet is a packet of which no flow entry matching to a flow table of a switch (OFS) exists.

The symmetric message (symmetric) 103 is a message of a synchronous type used in a negotiation (exchange of information related to communication conditions) for a communication channel establishment between the controller (OFC) 10 and the switch (OFS) 20 or the like.

[Notification of Vacancy Status of Flow Table]

Next, the “notification of a vacancy status of a flow table”, which is one key point of the present invention, will be described.

In the present invention, the switch (OFS) 20 uses an OpenFlow message 100 to notify the controller (OFC) 10 about a vacancy status of the flow table of the switch (OFS) 20 itself.

More specifically, the OpenFlow process section 21 of the switch (OFS) 20 transmits, to the controller as the OpenFlow message 100, a message for notifying about the vacancy status of the flow table 221 of the switch (OFS) 20 (flow table vacancy status notifying message).

This message is required to be able to record the vacancy status of the flow table 221.

As described above, as the OpenFlow message 100, messages between a controller (OFC) and a switch (OFS) can be broadly classified into three types of messages: a switch control message (Controller to Switch) 101; an asynchronous message (Asynchronous) 102; and a symmetric message (symmetric) 103.

The message suitable for the use of the present invention is the asynchronous message (Asynchronous) 102.

As a message for notifying the vacancy status of the flow table 221, it can be considered to perform “extension of existing messages” or “addition of new messages” to the asynchronous message (Asynchronous) 102.

(1) Extension of Existing Messages

As a message for notifying the vacancy status of the flow table 221, existing messages of the asynchronous message (Asynchronous) will be extended. Herein, an error message (Error message) will be used as an existing message.

The reason for using the error message (Error message) as an existing message is as follows. First, the error message (Error message) includes a group of a type field, a code field and a data field (has each field) and, thanks to its structure, a vacancy status of a flow table can be recorded. In addition, the error message (Error message) can notify the vacancy status as a result of correcting the flow table.

For example, in a case of using the error message (Error message), it can be considered to record a resource utilization status in the type field, record a flow table in the code field and record a vacancy status in the data field, or the like.

However, since the vacancy status of a flow table is not an error in itself, a “deviation” (inconsistency) occurs on the meaning of message of the error message (Error message). In a case of avoiding the “deviation” of the meaning of a message, the error message (Error message) which is an existing message will not be extended and used but a new message will be added instead.
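The extension of the Error message described above, as an added Python example that is not part of the patent text: the header and the type/code/data layout follow the OpenFlow 1.1 Error message, while the numeric values `ET_RESOURCE_UTILIZATION` and `EC_FLOW_TABLE` and the layout of the data field (table id, vacant entries, total entries) are hypothetical, since the page assigns none. The controller-side parser separates vacancy reports from genuine errors by type and code, which is where the "deviation" in meaning has to be handled, and rejects reports whose length or counts are inconsistent before they reach the path calculation.

```python
import struct

OFP_VERSION = 0x02   # OpenFlow 1.1 wire version
OFPT_ERROR = 1       # the existing Error message
# Hypothetical numbers for the extension; the page assigns none.
ET_RESOURCE_UTILIZATION = 0xFF00   # type field: resource utilization status
EC_FLOW_TABLE = 0x0001             # code field: flow table

HEADER = struct.Struct("!BBHI")    # version, type, length, xid
ERROR = struct.Struct("!HH")       # error type, error code
VACANCY = struct.Struct("!B3xII")  # assumed data field: table id, vacant, total


def build_vacancy_report(xid, table_id, vacant, total):
    """Switch side: encode the vacancy status as an extended Error message."""
    if total <= 0 or not 0 <= vacant <= total:
        raise ValueError("vacant entries must lie between 0 and total")
    body = ERROR.pack(ET_RESOURCE_UTILIZATION, EC_FLOW_TABLE)
    body += VACANCY.pack(table_id, vacant, total)
    return HEADER.pack(OFP_VERSION, OFPT_ERROR, HEADER.size + len(body), xid) + body


def parse_vacancy_report(msg):
    """Controller side: return a dict for a vacancy report, None for any other
    Error message, and raise ValueError for a malformed message."""
    if len(msg) < HEADER.size + ERROR.size:
        raise ValueError("message shorter than an Error message")
    version, msg_type, length, xid = HEADER.unpack_from(msg)
    if version != OFP_VERSION or msg_type != OFPT_ERROR:
        raise ValueError("not an OpenFlow 1.1 Error message")
    if length != len(msg):
        raise ValueError("length field does not match the bytes received")
    err_type, err_code = ERROR.unpack_from(msg, HEADER.size)
    if (err_type, err_code) != (ET_RESOURCE_UTILIZATION, EC_FLOW_TABLE):
        return None  # a genuine error report, left to the normal error handling
    data = msg[HEADER.size + ERROR.size:]
    if len(data) != VACANCY.size:
        raise ValueError("unexpected data field size")
    table_id, vacant, total = VACANCY.unpack(data)
    if total == 0 or vacant > total:
        raise ValueError("vacant entries exceed the table size")
    # Vacancy as defined on the page: vacant entries / all entries.
    return {"xid": xid, "table_id": table_id, "vacancy": vacant / total}
```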

(2) Addition of New Message

A new message is added to the asynchronous message (Asynchronous) 102 as a message for notifying the vacancy status of the flow table 221.

When adding a new message, a message for notifying a resource utilization status from the switch (OFS) 20 to the controller (OFC) 10 is newly defined as the asynchronous message (Asynchronous) 102.

The communication process section 13 of the controller (OFC) 10 and the OpenFlow process section 21 of the switch (OFS) 20 transmit and receive asynchronous messages (Asynchronous) such as above via the secure channel.

The switch (OFS) 20 transmits the asynchronous message (Asynchronous) 102 as above to notify the controller (OFC) 10 about the vacancy status of the flow table 221 of the switch (OFS) 20 itself. When receiving an asynchronous message (Asynchronous) 102 as above, the controller (OFC) 10 analyses the message, recognizes and understands the vacancy status of the flow table 221 of the switch (OFS) 20 and manages information related to the vacancy status of the flow table 221 of the switch (OFS) 20 inside.

In addition, when being notified by the switch (OFS) about the vacancy status of the flow table, the controller (OFC) compares the flow table vacancy with a threshold value A (a first threshold value) and, if the flow table vacancy is lower than the threshold value A (the first threshold value), sets an alternate path so that the flow entry number decreases and deletes the original path. That is, the path calculation section 12 of the controller (OFC) 10 calculates, in relation to a path passing through the relevant switch (OFS) 20, an alternate path which does not pass through the switch (OFS) 20, adds a flow entry to a flow table 221 of a switch (OFS) 20 on the alternate path and deletes the flow entry from the flow table 221 of the switch (OFS) 20 on the original path. As a result, the vacancy status of the flow table of the switch (OFS) 20 is forcibly improved.

In addition, when receiving a notification of a first packet arrival and calculating a new path, the controller (OFC) 10 calculates the new path by considering (in accordance with) a vacancy status of the flow table 221 of the switch (OFS) 20. That is, the controller (OFC) 10 calculates a path on a basis of a topology from which are excluded switches (OFS) with vacancy of flow table 221 lower than a threshold value B (a second threshold value) set in advance. As a result, increase of flow entries of switch (OFS) 20 can be suppressed.

“Vacancy of flow table is lower than threshold” shows a situation where enough capacity is not kept in the flow table. For example, it shows a situation where a number of flow entries set in a flow table is greater than a specified value.

The threshold value A (the first threshold value) and the threshold value B (the second threshold value) can be a same value.

In addition, the controller (OFC) 10 can perform path dispersion on a basis of information of flow tables L1 to L4 or the like. For example, a finer control can be implemented on a basis of port information (equivalent to L4) or statistic information managed per unit of a flow entry of a flow table or the like, even if source IP address and destination IP address (equivalent to L3) are identical.

[Process When Notifying Vacancy Status of Flow Table]

A flow of processes when the switch (OFS) 20 notifies to the controller (OFC) 10 about a vacancy status of a flow table will be described by referring to FIG. 2.

(1) Step S101

The OpenFlow process section 21 of the switch (OFS) 20 monitors the flow table 221 of the flow table management section 22 constantly, periodically or in accordance with instructions and requests from the controller (OFC) 10 to verify the vacancy status of the flow table 221.

(2) Step S102

The OpenFlow process section 21 of the switch (OFS) 20 transmits an asynchronous message (Asynchronous) 102 related to the vacancy status of the flow table 221 to notify to the controller (OFC) 10 about the vacancy status of the flow table 221 of the switch (OFS) 20 itself. The asynchronous message (Asynchronous) 102 related to the flow table 221 is a flow table vacancy status notifying message.

(3) Step S103

The communication process section 13 of the controller (OFC) 10 receives from the switch (OFS) 20 the asynchronous message (Asynchronous) 102 related to the vacancy status of the flow table 221 of the relevant switch (OFS) 20.

(4) Step S104

The communication process section 13 of the controller (OFC) 10 analyses the received asynchronous message (Asynchronous) 102, extracts and acquires information related to the vacancy status of the flow table 221 of the relevant switch (OFS) 20 and records this information to the switch (OFS) management table 112 of the network management section 11.

(5) Step S105

The path calculation section 12 of the controller (OFC) 10 refers to the switch (OFS) management table 112 of the network management section 11, compares the vacancy of the flow table 221 of the relevant switch (OFS) 20 to the threshold value A (the first threshold value) and verifies whether the vacancy of the flow table 221 is lower than the threshold value A (the first threshold value). It should be noted that if the vacancy of the flow table 221 is not lower than the threshold value A (the first threshold value) (No in step S105), enough capacity is kept in the flow table 221 and there is no influence; thus, the path calculation section 12 of the controller (OFC) 10 ends the process.

(6) Step S106

If the vacancy of the flow table 221 is lower than the threshold value A (the first threshold value) (Yes in step S105), the path calculation section 12 of the controller (OFC) 10 refers to the path management table 113 of the network management section 11 to search for a path via the relevant switch (OFS) 20. It should be noted that the path calculation section 12 of the controller (OFC) 10 is able to search for a path via the relevant switch (OFS) 20 on a basis of statistic information per unit of a flow entry of the flow table 221, L1 to L4 information or the like.

(7) Step S107

The path calculation section 12 of the controller (OFC) 10 verifies whether a path via the relevant switch (OFS) 20 exists. It should be noted that, if no path via the relevant switch (OFS) exists (No in step S107), the relevant switch (OFS) 20 is not included in existing paths and there is no influence; thus the path calculation section 12 of the controller (OFC) 10 ends the process.

(8) Step S108

If the path passing through the relevant switch (OFS) 20 exists (Yes in step S107), the path calculation section 12 of the controller (OFC) 10 refers to the topology management table 111 of the network management section 11 and re-calculates a path, on a basis of topology information from which the relevant switch (OFS) 20 is excluded, so that the flow passing through the relevant switch (OFS) 20 passes through another switch (OFS) 20.

(9) Step S109

The path calculation section 12 of the controller (OFC) 10 verifies whether the path calculation was successful. It should be noted that the path calculation section 12 of the controller (OFC) 10 ends the process if the path calculation failed (No in step S109). For example, if the relevant switch (OFS) is an edge switch and is excluded, no switch as a starting point exists and thus a path calculation fails.

(10) Step S110

If the path calculation was successful (Yes in step S109), the communication process section 13 of the controller (OFC) transmits “add/modify” among flow table modification messages “Flow_mod” to all switches (OFS) 20 on the new path to set a new entry on the flow tables 221 of all switches (OFS) on the new path. At that time, the communication process section 13 of the controller (OFC) 10 sets the flow entry in an order beginning with the switch (OFS) 20 at the end of the path (destination side). The reason is that, if the flow entry is set in an order beginning with the switch (OFS) 20 at the beginning of the path (source side), packet transmission or the like will start before the setting of the flow entry on all the switches (OFS) 20 on the path is complete.

In addition, the communication process section 13 of the controller (OFC) 10 transmits “delete” among flow table modification messages “Flow_mod” to all the switches (OFS) 20 on the original path to delete the original flow entry from the flow table 221 of all the switches (OFS) 20 on the original path. Naturally, the original flow entry is deleted from the flow table 221 of the switch (OFS) 20, which is the source of notification, included in the original path. As a result, the vacancy of the flow table 221 of the notification source switch (OFS) 20 increases.

It should be noted that, in fact, the original flow entry can be deleted from the flow tables 221 of all the switches (OFS) on the original path before setting the new flow entry on the flow tables 221 of all the switches (OFS) 20 on the relevant path.

By continuing the above process until the vacancy status of the flow table 221 of the notification source switch (OFS) 20 becomes greater than the threshold value A (the first threshold value), the vacancy status of the flow table 221 of the relevant switch (OFS) 20 can be forcibly improved.

[Process at First Packet Arrival]

Next, operations of the controller (OFC) 10, to suppress an overflowing of the flow table 221 of the switch (OFS) 20 when calculating the path of the flow at first packet arrival, will be described by referring to FIG. 3.

Ordinarily, in an OpenFlow network, when receiving a packet for which no matching flow entry exists in the flow table 221 (first packet), the switch (OFS) 20 transmits a packet input message “Packet_In” (first packet arrival notification and packet header information) to the controller (OFC) 10 and requests a path calculation.

(1) Step S201

The communication process section 13 of the controller (OFC) 10 receives the packet input message “Packet_In” (first packet arrival notification and packet header information) from the switch (OFS) 20. At that time, the communication process section 13 of the controller (OFC) 10 can instruct and request to all the switches (OFS) 20 under management to notify the vacancy status of the flow table 221 (transmission of flow table vacancy status notification message). In this case, the communication process section 13 of the controller (OFC) 10 updates the switch (OFS) management table 112 of the network management section 11 in response to the notification of vacancy status of the flow table 221.

(2) Step S202

When receiving the packet input message “Packet_In”, the path calculation section 12 of the controller (OFC) 10 refers to the switch (OFS) management table 112 of the network management section 11 to recognize the vacancy status of the flow tables 221 of all the switches (OFS) 20 under management.

(3) Step S203

The path calculation section 12 of the controller (OFC) 10 compares the vacancy of the flow tables 221 of all the switches (OFS) 20 under management and the threshold value B (the second threshold value) set in advance to verify whether a switch (OFS) 20, of which the vacancy of the flow table 221 is lower than the threshold value B (the second threshold value), exists.

(4) Step S204

If no switch (OFS) 20 of which the vacancy of the flow table 221 is lower than the threshold value B (the second threshold value) exists (No in step S203), the path calculation section 12 of the controller (OFC) 10 calculates the path on a basis of all topology information, as ordinary.

(5) Step S205

If a switch (OFS) 20 of which the vacancy of the flow table 221 is lower than the threshold value B (the second threshold value) exists (Yes in step S203), the path calculation section 12 of the controller (OFC) 10 refers to the topology management table 111 of the network management section 11 and performs a path calculation on a basis of topology information from which is excluded the switch (OFS) 20 of which the vacancy of the flow table 221 is lower than the threshold value B (the second threshold value).

(6) Step S206

The path calculation section 12 of the controller (OFC) 10 verifies whether the path calculation is successful.

(7) Step S207

If the path calculation failed (No in step S206), the path calculation section 12 of the controller (OFC) 10 re-calculates a path on a basis of topology information including the excluded switch (OFS) 20. For example, if the excluded switch (OFS) 20 is an edge switch, no switch (OFS) 20 as a starting point exists after exclusion and thus path calculation fails. In this case, the threshold value B (the second threshold value) is preferably a value other than “zero”. This is because, if the threshold value B (the second threshold value) is “zero”, the flow table 221 of the excluded switch (OFS) 20 will be in a status of no vacancy as soon as its vacancy falls to that value, and thus there is a possibility of causing trouble in setting a new entry related to a new path. However, in a case of deleting an old flow entry related to the original path before setting the new flow entry related to the new path, a vacancy will occur in the flow table 221 and thus, the threshold value B (the second threshold value) can be “zero”.

(8) Step S208

In a case where the path calculation was successful (Yes in step S206), after path re-calculation (after step S207) or after the path calculation as ordinary (after step S204), the communication process section 13 of the controller (OFC) 10 transmits “add/modify” among flow table modification messages “Flow_mod” to all the switches (OFS) 20 on the new path and sets a new flow entry on the flow tables 221 of all the switches (OFS) 20 on the new path.

(9) Step S209

The communication process section 13 of the controller (OFC) 10 verifies a completion of setting new flow entry in accordance with response message from the switch (OFS) 20, updates each of the path management table 113 and flow management table 114 of the network management section 11 and records information of the new path and its flow entry.

(10) Step S210

The communication process section 13 of the controller (OFC) 10 transmits a packet output message “Packet_Out” (packet transmission instruction) to the switch (OFS) 20 which is source of the packet input message “Packet_In” and instructs a packet transmission. At that time, if the source switch (OFS) 20 is not included in (is excluded from) the new path, the communication process section 13 of the controller (OFC) 10 instructs the source switch (OFS) 20 to transmit a packet to the switch (OFS) 20 at the beginning of the new path.
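The controller-side decisions of steps S105 to S110 and S203 to S208, as an added Python example that is not code from the patent: the `Controller` class, the breadth-first path calculation, the five-switch topology and the vacancy counts are all constructed for illustration. It assumes that a switch shared by the old and the new path receives “modify” and consumes no extra entry, and that a switch whose table is full cannot accept an “add”.

```python
from collections import deque


class Controller:
    """Toy OFC holding the topology, switch (vacancy) and path management tables."""

    def __init__(self, links, vacancy, threshold_a, threshold_b):
        self.adj = {}
        for u, v in links:
            self.adj.setdefault(u, set()).add(v)
            self.adj.setdefault(v, set()).add(u)
        self.vacancy = dict(vacancy)   # free flow-table entries per switch
        self.threshold_a = threshold_a
        self.threshold_b = threshold_b
        self.paths = {}                # flow id -> list of switches, source first
        self.flow_mods = []            # (command, flow, switch) in send order

    def shortest_path(self, src, dst, excluded=frozenset()):
        """BFS on the topology minus `excluded`; None when no path exists."""
        if src in excluded or dst in excluded:
            return None                # an excluded edge switch leaves no start/end
        prev, queue = {src: None}, deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                path = []
                while node is not None:
                    path.append(node)
                    node = prev[node]
                return path[::-1]
            for nxt in sorted(self.adj[node]):
                if nxt not in prev and nxt not in excluded:
                    prev[nxt] = node
                    queue.append(nxt)
        return None

    def _apply(self, flow, new, old=()):
        """Send Flow_mod: add/modify destination-first, then delete stale entries."""
        if any(self.vacancy[sw] <= 0 for sw in new if sw not in old):
            return False               # assumption: a full table rejects the add
        for sw in reversed(new):       # destination side first (step S110)
            if sw in old:
                self.flow_mods.append(("modify", flow, sw))
            else:
                self.flow_mods.append(("add", flow, sw))
                self.vacancy[sw] -= 1
        for sw in old:
            if sw not in new:
                self.flow_mods.append(("delete", flow, sw))
                self.vacancy[sw] += 1
        self.paths[flow] = new
        return True

    def on_packet_in(self, flow, src, dst):
        """Steps S203 to S208: route a new flow around nearly full switches."""
        low = {sw for sw, free in self.vacancy.items() if free < self.threshold_b}
        path = self.shortest_path(src, dst, excluded=low)      # S204 / S205
        if path is None and low:
            path = self.shortest_path(src, dst)                # S207 fallback
        if path is None or not self._apply(flow, path):
            return None
        return path

    def on_vacancy_notice(self, switch, free):
        """Steps S105 to S110: move flows off `switch` until it recovers."""
        self.vacancy[switch] = free
        moved = []
        for flow, old in list(self.paths.items()):
            if self.vacancy[switch] >= self.threshold_a:       # S105: enough room
                break
            if switch not in old:                              # S107
                continue
            new = self.shortest_path(old[0], old[-1], excluded={switch})  # S108
            if new is not None and self._apply(flow, new, old):           # S109
                moved.append(flow)
        return moved


# Constructed topology: two edge switches, a short core path and a longer one.
LINKS = [("e1", "c1"), ("c1", "e2"), ("e1", "c2"), ("c2", "c3"), ("c3", "e2")]


def demo():
    ofc = Controller(LINKS, {"e1": 9, "e2": 9, "c1": 3, "c2": 9, "c3": 9},
                     threshold_a=3, threshold_b=1)
    first = [ofc.on_packet_in(f, "e1", "e2") for f in ("f1", "f2")]
    moved = ofc.on_vacancy_notice("c1", 1)     # c1 reports one free entry
    return first, moved, ofc.paths, ofc.vacancy


if __name__ == "__main__":
    print(demo())
```

When the reporting switch is an edge switch, `on_vacancy_notice` moves nothing, which is the failure case of step S109.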

Effect of the Present Exemplary Embodiment

Effect of the present exemplary embodiment will be described below.

In the present exemplary embodiment, in a network constituted of network devices of which control function and transfer function are separated, as typified by OpenFlow, performance degradation and packet loss due to table overflow are prevented before occurring, by determining a path and a flow entry after recognizing vacancy status of a flow table managing a flow entry related to a rule of packet process.

In addition, in the present exemplary embodiment, when a table overflow occurs, performance degradation and packet loss due to the table overflow are prevented by dispersing flows via the corresponding network device to other network devices.

In addition, in the present exemplary embodiment, a more detailed load balancing control can be realized by performing flow dispersing on a basis of flow table information (statistic information, packet header information L1 to L4).

In addition, in the present exemplary embodiment, a path selection can be performed with a flexibility related to resource utilization status by applying to resources other than table vacancy status.

If a switch (OFS) is implemented as a hardware switch, a dynamic extension of resources is very difficult (or impossible) and thus, the present exemplary embodiment is effective.

Second Exemplary Embodiment

The second exemplary embodiment of the present invention will be described below by referring to attached drawings.

If a switch (OFS) is implemented as software such as a virtual switch, an operation in a case where there is no vacancy in a flow table can be defined by using characteristics in that resource extension is easy.

In the present exemplary embodiment, if the vacancy of the flow table of the switch (OFS) is lower than the threshold value A (the first threshold value) in step S105 of FIG. 2, the flow table is extended by generating an instance of a new virtual switch and bridging (linking, connecting) to existing virtual switches. That is, by linking existing virtual switches and the new virtual switch, the flow table capacity increases by the amount corresponding to the flow table of the new virtual switch.

The controller (OFC) watches the utilization status of resources (CPU, memory, NIC or the like) of hardware (physical machine such as a network device) operating as software like a virtual switch and determines whether such flow table extension is to be implemented or not.

[System Constitution]

A constitution of a network system related to the present exemplary embodiment will be described by referring to FIG. 4.

A network system related to the present exemplary embodiment includes a controller (OFC) 10 and a switch (OFS) 20.

In the present exemplary embodiment, the switch (OFS) 20 is supposed to be a virtual switch. It should be noted that internal constitutions of the controller (OFC) 10 and the switch (OFS) 20 are basically identical to those in the first exemplary embodiment.

[Process For Notifying Vacancy Status of Flow Table]

Process for notifying vacancy status of a flow table when the switch (OFS) 20 is a virtual switch will be described by referring to FIG. 5.

(1) Step S301

The OpenFlow process section 21 of the switch (OFS) 20 monitors the flow table 221 of the flow table management section 22 constantly, periodically or in accordance to instructions and requests from the controller (OFC) 10 to verify the vacancy status of the flow table 221.

(2) Step S302

The OpenFlow process section 21 of the switch (OFS) 20 transmits an asynchronous message (Asynchronous) 102 related to the vacancy status of the flow table 221 to notify to the controller (OFC) 10 about the vacancy status of the flow table 221 of the switch (OFS) 20 itself. The asynchronous message (Asynchronous) 102 related to the flow table 221 is a flow table vacancy status notifying message.

(3) Step S303

The communication process section 13 of the controller (OFC) 10 receives from the switch (OFS) 20 the asynchronous message (Asynchronous) 102 related to the vacancy status of the flow table 221 of the relevant switch (OFS) 20.

(4) Step S304

The communication process section 13 of the controller (OFC) 10 analyses the received asynchronous message (Asynchronous) 102, extracts and acquires information related to the vacancy status of the flow table 221 of the relevant switch (OFS) 20 and records this information to the switch (OFS) management table 112 of the network management section 11.

(5) Step S305

The path calculation section 12 of the controller (OFC) 10 refers to the switch (OFS) management table 112 of the network management 11, compares the vacancy of the flow table 221 of the relevant switch (OFS) 20 to the threshold value A (the first threshold value) and verifies whether the vacancy of the flow table 221 is lower than the threshold value A (the first threshold value). It should be noted that if the vacancy of the flow table 221 is not lower than the threshold value A (the first threshold value) (No in step S305), enough capacity is kept in the flow table 221 and there is no influence; thus, the path calculation section 12 of the controller (OFC) 10 ends the process.

(6) Step S306

If the vacancy of the flow table 221 is lower than the threshold value A (the first threshold value) (Yes in step S305), the path calculation section 12 of the controller (OFC) 10 verifies whether there is enough margin in the utilization status of resource of hardware in which the relevant switch (OFS) 20 operates as software like a virtual switch. It should be noted that if there is not enough margin in the utilization status of resource, the flow table extension will be abandoned and, similarly to the first exemplary embodiment, a path passing through the relevant switch (OFS) 20 will be searched; if such a path exists, a process of re-calculating a path will be performed on a basis of topology information from which the relevant switch (OFS) 20 is excluded (transition to step S106 of FIG. 2). Alternatively, it can be determined that setting a new flow entry to the relevant switch (OFS) 20 is impossible and then the process can be ended.

(7) Step S307

If there is enough margin in the utilization status of resource (Yes in step S306), the communication process section 13 of the controller (OFC) 10 generates, for the relevant hardware, an instance for the new virtual switch to be bridged with the relevant switch (OFS) 20 (existing virtual switch). That is, on the path, the new virtual switch is put on par with the relevant switch (OFS) 20.

It should be noted that, while there is enough margin in the utilization status of resource of hardware in which a switch (OFS) 20 operates as software like a virtual switch, the communication process section 13 of the controller (OFC) 10 can generate any number of instances of new virtual switches.

Hereinafter, the OpenFlow process section 21 of the switch (OFS) 20 searches, when receiving a packet, in the flow table 221 of the switch (OFS) 20 itself; and if no flow entry matching with the received packet exists, the OpenFlow process section 21 searches in a flow table 221 of the new virtual switch. If no flow entry matching with the received packet exists either in the flow table 221 of the new virtual switch, the OpenFlow process section 21 transmits a packet input message “Packet_In” (first packet arrival notification and packet header information) to the controller (OFC) 10 to request for a path calculation.

In addition, if the relevant switch (OFS) 20 (existing virtual switch) is excluded from the path or if the flow table 221 of the new virtual switch becomes empty, the OpenFlow process section 21 of the switch (OFS) 20 can request for a deletion of the bridged virtual switch to the hardware in which the relevant switch (OFS) 20 operates as a software like a virtual switch and notify to the controller (OFC) 10 about having deleted the new virtual switch. At that time, the communication process section 13 of the controller (OFC) 10 can delete the new virtual switch on the relevant hardware.
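The flow table extension of steps S305 to S307, with the chained lookup and the deletion of an emptied bridged instance, as an added Python example that is not code from the patent. The `Host` resource budget (`free_units`, `instance_cost`), the table size of four entries and the flow names are constructed assumptions standing in for the CPU, memory and NIC margin the text describes.

```python
class Host:
    """Physical machine; free_units is an assumed stand-in for resource margin."""

    def __init__(self, free_units, instance_cost=1):
        self.free_units = free_units
        self.instance_cost = instance_cost

    def has_margin(self):
        return self.free_units >= self.instance_cost


class VirtualSwitch:
    """Existing virtual switch plus any bridged instances extending its table."""

    def __init__(self, host, table_size):
        self.host = host
        self.table_size = table_size
        self.tables = [{}]                 # tables[0] is the switch's own table

    def vacancy(self):
        return sum(self.table_size - len(t) for t in self.tables)

    def bridge_new_instance(self):         # step S307
        self.host.free_units -= self.host.instance_cost
        self.tables.append({})

    def add_flow(self, match, action):
        for table in self.tables:          # modify an existing entry in place
            if match in table:
                table[match] = action
                return True
        for table in self.tables:          # otherwise first table with room
            if len(table) < self.table_size:
                table[match] = action
                return True
        return False                       # every table is full

    def lookup(self, match):
        """Own table first, then each bridged table, then Packet_In."""
        for table in self.tables:
            if match in table:
                return table[match]
        return "Packet_In"

    def delete_flow(self, match):
        for i, table in enumerate(self.tables):
            if match in table:
                del table[match]
                if i > 0 and not table:    # bridged table became empty
                    del self.tables[i]
                    self.host.free_units += self.host.instance_cost
                return True
        return False


def handle_vacancy_notice(switch, threshold_a):
    """Controller side of steps S305 to S307; returns the action taken."""
    if switch.vacancy() >= threshold_a:
        return "ok"                        # No in step S305
    if not switch.host.has_margin():
        return "reroute"                   # No in step S306: go to step S106
    switch.bridge_new_instance()
    return "extended"


def demo_extension():
    sw = VirtualSwitch(Host(free_units=1), table_size=4)
    events = []
    for n in range(1, 8):                  # constructed flows m1..m7
        sw.add_flow(f"m{n}", f"out:{n}")
        events.append(handle_vacancy_notice(sw, threshold_a=2))
    return sw, events


if __name__ == "__main__":
    switch, log = demo_extension()
    print(log, switch.lookup("m6"), switch.lookup("m9"))
```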

[Process on First Packet Arrival]

The process on an arrival of a first packet in a case where the switch (OFS) 20 is a virtual switch will be described by referring to FIG. 6.

(1) Step S401

The communication process section 13 of the controller (OFC) 10 receives the packet input message “Packet_In” (first packet arrival notification and packet header information) from the switch (OFS) 20. At that time, the communication process section 13 of the controller (OFC) 10 can instruct and request to all the switches (OFS) 20 under management to notify the vacancy status of the flow table 221 (transmission of flow table vacancy status notification message). In this case, the communication process section 13 of the controller (OFC) 10 updates the switch (OFS) management table 112 of the network management section 11 in response to the notification of vacancy status of the flow table 221.

(2) Step S402

When receiving the packet input message “Packet_In”, the path calculation section 12 of the controller (OFC) 10 refers to the switch (OFS) management table 112 of the network management section 11 to recognize the vacancy status of the flow tables 221 of all the switches (OFS) 20 under management.

(3) Step S403

The path calculation section 12 of the controller (OFC) 10 compares the vacancy of the flow tables 221 of all the switches (OFS) 20 under management and the threshold value B (the second threshold value) set in advance to verify whether a switch (OFS) 20, of which the vacancy of the flow table 221 is lower than the threshold value B (the second threshold value), exists.

(4) Step S404

If a switch (OFS) 20 of which the vacancy of the flow table 221 is lower than the threshold value B (the second threshold value) exists (Yes in step S403), the path calculation section 12 of the controller (OFC) 10 verifies whether there is enough margin in utilization status of resource of hardware in which the relevant switch (OFS) 20 operates as software like a virtual switch. It should be noted that, if there is not enough margin in the utilization status of resource (No in step S404), the communication process section 13 of the controller (OFC) 10 abandons the extension of the flow table and, similarly to the first exemplary embodiment, performs a process of path re-calculation on a basis of topology information from which the relevant switch (OFS) 20 is excluded (transition to step S205 of FIG. 3). Alternatively, it can be determined that setting a new flow entry to the relevant switch (OFS) 20 is impossible and then the process can be ended.

(5) Step S405

If there is enough margin in the utilization status of resource (Yes in step S404), the communication process section 13 of the controller (OFC) 10 generates, for the relevant hardware, an instance for the new virtual switch to be bridged with the relevant switch (OFS) 20 (existing virtual switch). That is, on the path, the new virtual switch is put on par with the relevant switch (OFS) 20.

(6) Step S406

If no switch (OFS) 20 of which the vacancy of the flow table 221 is lower than the threshold value B (the second threshold value) exists (No in step S403) or if an instance for the new virtual switch is generated (after step S405), the path calculation section 12 of the controller (OFC) 10 calculates the path on a basis of all topology information, as ordinary.

(7) Step S407

The communication process section 13 of the controller (OFC) 10 transmits “add/modify” among flow table modification messages “Flow_mod” to all the switches (OFS) 20 on the new path and sets a new flow entry on the flow tables 221 of all the switches (OFS) 20 on the new path.

(8) Step S408

The communication process section 13 of the controller (OFC) 10 verifies a completion of setting new flow entry in accordance with response message from the switch (OFS) 20, updates each of the path management table 113 and flow management table 114 of the network management section 11 and records information of the new path and its flow entry.

(9) Step S409

The communication process section 13 of the controller (OFC) 10 transmits a packet output message “Packet_Out” (packet transmission instruction) to the switch (OFS) 20 which is source of the packet input message “Packet_In” and instructs a packet transmission. At that time, if the source switch (OFS) 20 is not included in (is excluded from) the new path, the communication process section 13 of the controller (OFC) 10 instructs the source switch (OFS) 20 to transmit a packet to the switch (OFS) 20 at the beginning of the new path.

Effects of the Present Exemplary Embodiment

Effects of the present exemplary embodiment will be described below.

In the present exemplary embodiment, it is possible to suppress an overflow of flow table without re-calculating a path, setting a new flow entry, deleting an old flow entry or the like. Thus, in comparison with the first exemplary embodiment, load of the controller (OFC) (amount of resource consumption) can be mitigated.

Relationship Between Each Exemplary Embodiment

It should be noted that the above exemplary embodiments can be implemented in combination. For example, in a network system related to the present invention, it can be considered a situation where switches (OFS) corresponding to each exemplary embodiment above are mixed.

Exemplification of Hardware

Detailed examples of hardware for realizing a network system will be described below.

As an example of the controller (OFC), a computer such as a PC (Personal Computer), an appliance, a thin client server, a workstation, a mainframe, a supercomputer or the like is assumed. It should be noted that the controller (OFC) can be, not only a terminal or a server, but also a relay device or a peripheral device. In addition, the controller (OFC) can be also an extension board mounted on a computer or the like or a VM (Virtual Machine) constituted in a physical machine.

As examples of a switch (OFS), it can be considered a network switch, a router, a proxy server, a gateway, a firewall, a load balancer, a packet shaper, a SCADA (Supervisory Control And Data Acquisition), a gatekeeper, a base station, an AP (Access Point), a CS (Communication Satellite), a computer having a plurality of ports or the like. In addition, it can be a virtual switch realized by a VM (Virtual Machine) constituted in a physical machine.

The controller (OFC) and the switch (OFS) can be mounted on a mobile object such as a vehicle, a ship or an aircraft.

Each of the controller (OFC) and the switch (OFS) is realized by a processor which operates in accordance with a program to execute specified processes, a memory which stores the relevant program and various data and an interface used for communicating with a network, which are not shown in drawings.

As examples of the above processor, it can be considered a CPU (Central Processing Unit), a NP (Network Processor), a microprocessor, a microcontroller, an LSI (Large Scale Integration) or the like.

As examples of the above memory, it can be considered a semiconductor memory device such as a RAM (Random Access Memory), a ROM (Read Only Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory), a flash memory or the like, an auxiliary storage device such as an SSD (Solid State Drive), a removable disk such as a DVD (Digital Versatile Disk), a storage media such as an SD (Secure Digital) memory card or the like. Alternatively, it can be storage device using a DAS (Direct Attached Storage), an FC-SAN (Fibre Channel-Storage Area Network), a NAS (Network Attached Storage) or an IP-SAN (IP-Storage Area Network).

It should be noted that the above processor and the above memory can be integrated. For example, in recent years, integrations into a single chip are in progress, such as microcomputers. Therefore, it can be considered a case where a single chip microcomputer mounted on an electronic device or the like includes the above processor and the above memory.

As examples of the above interface, it can be considered a board (motherboard, I/O board) supporting a network communication, a semiconductor integrated circuit such as a chip, a network adaptor or similar extension card such as a NIC (Network Interface Card), a communication device such as an antenna or the like, a communication port such as a connector or the like, or the like.

In addition, as examples of a network, it can be considered internet, LAN (Local Area Network), Wireless LAN, WAN (Wide Area Network), Backbone, CATV line, fixed telephone network, mobile telephone network, WiMAX (IEEE 802.16a), 3G (3rd Generation), a lease line, IrDA (Infrared Data Association), Bluetooth (trademark), serial communication line, data bus or the like.

It should be noted that internal constituting elements of each of the controller (OFC) and the switch (OFS) can be a module, a component, a dedicated device or a program for starting-up those elements.

However, in fact, those examples are not limitative.

Characteristics of the Present Invention

As described above, the present invention prevents performance degradations and packet losses associated with depletion of flow entry management area related to packet processing rules.

The target of the present invention is a network constituted with network devices in which control function and transfer function are separated, as typified by an OpenFlow network.

In addition, in the present invention, a packet path is determined so that the number of flow entries can be suppressed.

In addition, in the present invention, flow entries are dispersed to alternative network devices when the number of flow entries exceeds a specific value.

In addition, in the present invention, flow entry dispersion is performed in accordance with flow entry statistic information and packet header information of L1 to L4.

In addition, in the present invention, path calculation is performed in consideration of vacancy status of flow table to improve flow table utilization.

In addition, in the present invention, substitution of existing flows is performed when there is no vacancy in flow table. Flow entry statistic information and packet header information of L1 to L4 are used in flow substitution to realize a fine load balancing.

Remarks

Exemplary embodiments of the present invention have been described above in details; however, in fact, the above exemplary embodiments are not limitative and variations which do not deviate from the essentials of the present invention are included in the present invention.

It should be noted that the present invention claims priority based on Japanese Patent Application 2012-034095 and disclosures of Japanese Patent Application 2012-034095 are incorporated by reference in the present invention. 

1. A network system comprising: a switch configured to perform processes on a received packet in accordance with a flow entry in which are defined a rule and an action for uniformly controlling a packet as a flow; and a controller configured to set said flow entry to a flow table of said switch, wherein said switch notifies a vacancy status of a flow table of said switch itself to said controller, and said controller performs a path calculation in consideration with said vacancy status of said flow table of said switch to improve a utilization of said flow table of said switch.
 2. The network system according to claim 1, wherein said switch notifies a vacancy status of a flow table of said switch itself to said controller by use of an asynchronous message (Asynchronous), which comprises a message transmitted from said switch to said controller, among OpenFlow messages in compliance with OpenFlow protocol, and wherein said controller analyses said asynchronous message (Asynchronous) and records said vacancy status of said flow table of said switch.
 3. The network system according to claim 2, wherein said switch extends and transmits to said controller an error message which comprises an existing message including a group of a type field, a code field and a data field among said asynchronous message (Asynchronous), records a resource utilization status in said type field, records a flow table in said code field and records a vacancy status in said data field.
 4. The network system according to claim 2, wherein said switch newly defines and transmits to said controller a message for notifying from said switch to said controller about a resource utilization status, as said asynchronous message (Asynchronous).
 5. The network system according to claim 1, wherein said controller verifies whether a vacancy of a flow table of said switch is lower than a specified threshold value, re-calculates a path on a basis of topology information from which said switch is excluded if said vacancy of said flow table of said switch is lower than a specified threshold value and disperses a flow entry to switches on a calculated path.
 6. The network system according to claim 1, wherein said controller generates for a physical machine in which said switch operates as a virtual switch, if said switch is a virtual switch and if a vacancy of a flow table of said switch is lower than a specified threshold value, an instance of a new virtual switch to bridge with said switch and extend a flow table of said switch.
 7. The switch used in the network system according to claim 1.
 8. The controller used in the network system according to claim 1.
 9. A method of improving a resource utilization comprising: a switch processing a received packet in accordance with a flow entry in which are defined a rule and an action for uniformly control a packet; a controller setting said flow entry in a flow table of said switch; said switch notifying a vacancy status of a flow table of said switch itself to said controller; and said controller performing a path calculation in consideration of said vacancy status of said flow table of said switch and improving a utilization of said flow table of said switch.
 10. A non-transitory storage medium storing a program which makes a switch execute the method of improving a resource utilization according to claim 9.
 11. A non-transitory storage medium storing a program which makes a controller execute the method of improving a resource utilization according to claim 9.